User Registration Security

Enable manual approval of WordPress user accounts. If your site allows people to create their own accounts via the WordPress registration form, then you can minimize spam or bogus registrations by manually approving each registration.

WordPress PingBack Vulnerability Protection feature. This firewall feature allows the user to prohibit access to the xmlrpc.php file in order to protect against certain vulnerabilities in the pingback functionality. This is also helpful to block bots from constantly accessing the xmlrpc.php file and wasting your server resources.

Ability to block fake Googlebots from crawling your site.

Ability to prevent image hotlinking. Use this to prevent others from hotlinking your images.

Ability to log all 404 events on your site. You can also choose to automatically block IP addresses that are hitting too many 404s.

Ability to add custom rules to block access to various resources of your site.

Front-end Text Copy Protection

Ability to disable the right click, text selection and copy option for your front-end.

Regular updates and additions of new security features.

WordPress Security is something that evolves over time. We will be updating the All In One WP Security plugin with new security features (and fixes if required) on a regular basis so you can rest assured that your site will be on the cutting edge of security protection techniques.

Works with most popular WordPress plugins

It should work smoothly with most popular WordPress plugins.

Additional features

Ability to remove the WordPress Generator Meta information from the HTML source of your site.

Reviews

Indeed, we are still getting to discover all the options and security features, but we are very happy with our choice. It is an excellent plugin. Everything is explained for each button (which is of big help for us beginners) and it is simple to use so fast to learn. Thank you for that effort!

4.1.0

Fixed bug in Maintenance menu page when trying to attach a media file to the message text box.

Added a new filter (called “aiowps_ip_blocked_error_msg”) which allows the modification of the error message displayed on the login page when an IP address has been blocked by the login lockdown feature.

Updated French language translation. Thanks to Claude Ribaux for providing the translation files.

4.0.7

Added a new action hook “aiopws_before_set_404” which triggers just before the AIOWPS sets a 404. (handy for cases when rename login page is used which affects some themes when accessing “wp-admin” directly)

Fixed some potential SQL injection vulnerabilities.

Thanks to @chesio for submitting the following changes and applying the fixes.

Sub-directory install fixes.

Improve behavior of WP File Access tab.

Fix invalid nesting of HTML elements.

Do not block HTTP requests that contain “tag=” in query string.

Option to enable the 6G firewall.

4.0.6

Removed the viewing of contents of wp-config.php and .htaccess files in order to protect sensitive info.

Fixed more potential XSS vulnerabilities in some other settings pages. (Once again many thanks to Erin Germ for pointing these out)

4.0.5

Fixed some potential XSS vulnerability in the blacklist, file system and file change detection settings pages. (Many thanks to Erin Germ for pointing these out)

3.9.4

The sort order and orderby parameters now use a whitelisting approach for sanitization.
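
The allow-list approach named in this entry, as an added example (not the plugin's own code); the function names, column names and table name are hypothetical:

```php
<?php
// Added example: allow-list sanitization for list-table sort parameters.
// All names below (functions, columns, table) are hypothetical.

/**
 * Return $value only if it is an exact, known column name; otherwise the default.
 */
function example_sanitize_orderby($value, array $allowed, $default)
{
    // Strict comparison rejects arrays, numbers and near-matches.
    return (is_string($value) && in_array($value, $allowed, true)) ? $value : $default;
}

/**
 * Collapse any input to one of the two valid sort directions.
 */
function example_sanitize_order($value)
{
    return (is_string($value) && strtoupper($value) === 'DESC') ? 'DESC' : 'ASC';
}

/**
 * Build the ORDER BY clause from request parameters.
 */
function example_build_query(array $request)
{
    $allowed = array('id', 'user_login', 'event_date'); // hypothetical columns
    $orderby = example_sanitize_orderby($request['orderby'] ?? null, $allowed, 'id');
    $order   = example_sanitize_order($request['order'] ?? null);

    // Identifiers and keywords cannot be bound as prepared-statement
    // parameters, so only allow-listed values are ever interpolated.
    return "SELECT * FROM example_events ORDER BY `$orderby` $order";
}

// Constructed request parameters: one valid, three malformed or missing.
$samples = array(
    array('orderby' => 'event_date', 'order' => 'desc'),
    array('orderby' => 'id, (SELECT 1)', 'order' => 'asc'),
    array('orderby' => array('id'), 'order' => 'DESC,(SELECT 1)'),
    array(),
);

foreach ($samples as $sample) {
    echo example_build_query($sample), PHP_EOL;
}
```

Every malformed input falls back to the default column and ascending order, so the query text never contains request data that was not matched against the list.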

3.9.3

Fixed the sort order not working in the 404 error logging and account activity page.

3.9.2

Added a check for registration captcha feature to prevent errors when using another captcha plugin.

Improved a few SQL statements.

3.9.1

Added new “Force Logout” feature which will instantly force a certain user to be logged out of their session. (See the “Logged In Users” tab in User Login menu)

Added more security protection for AIOWPS log files by creating a .htaccess file and rules. AIOWPS log files can now only be viewed via the dashboard menu, in a new tab called “AIOWPS Logs”. (NOTE: This protection currently applies only to Apache or similar servers.)

Added backticks to SQL statement for DB prefix change to help prevent errors.

3.7.6

Added a condition around the management permission constant. This will allow users to define a custom capability for this plugin’s admin side via the wp-config file. This was submitted by Samuel Aguilera.

Fixed a bug with the hidden login page feature.

Fixed a small settings bug with the “block fake google bot” feature.

3.7.5

Added a new DB scan feature. Go to the “Scanner” menu to use this new feature.

Added new settings import/export feature.

Modified user accounts feature to alert administrator if one or both “admin” or “Admin” usernames are being used.

Moved the custom login page feature’s handling code to wp-loaded hook so other plugins that modify the login page can do their task before our one is triggered. This change was suggested by Mark Hudnall.

Added German language translation. The translation was submitted by Manuel Fritsch.

Added code to hide the “DB Prefix” menu for the non-main sites in a multi-site installation.

3.6

Added a new feature to prevent image hot-linking. (See the “Prevent Hotlinks” tab in the firewall menu)

Added a check in the Rename Login Page feature to prevent people from setting the slug to “wp-admin”

Fixed a small bug with Login Lockdown feature.

3.5.1

Fixed a bug where the cookie-based brute force directives were not being deleted from the .htaccess file when the Rename Login Page feature was being activated.

3.5

Added new feature which will Block Fake Googlebots from crawling your site. Check the Firewall menu for this new feature.

Added code to prevent users from having both the Rename Login Page and Cookie-Based Brute Force features active at the same time.

Added some useful info boxes in the dashboard: 1) to inform the user if the cookie based brute force or rename login page features are active, 2) last 5 logins to your site.

Fixed minor bug with .htaccess backup feature.

Updated the from email address value used for sending backups and file change notification. Thanks to @TheAssurer for the tip.

Updated the warning message for the disable index view feature.

3.4

Consolidated “Brute Force” features by moving all such features to the “Brute Force” menu.

Improved the file change detection scan feature: Introduced a button allowing admin to view the file change results from the last scan and fixed small bug whereby the change detected flag was not being cleared for applicable cases.

3.2

Added new feature which allows users to generate an automated unlock request link via email when they get locked out because of the login lockdown feature.

Added a check to ensure that users cannot enter 0 minutes in the Force Logout feature.

Fixed translations so that various previously omitted strings can now be translated.

Added a new filter before locking down a user’s IP address – aiowps_before_lockdown.

Generated a new translation (POT) file.

3.1

Added a new feature that will allow you to add a captcha to the lost password form (useful if you are allowing user registration on your site).

Added ability to specify a system log file in the “Host System Logs” tab of the “File System Security” menu

Fixed a tab link bug. One link was going to the wrong menu tab.

Updated the POT file of the plugin.

3.0

Added a new feature which allows you to add captcha to the WordPress user registration page.

Added some more helpful comments and link to video tutorial in the brute force and white list features settings pages.

2.9

Added a new feature which automatically sets the status of newly registered WordPress user accounts to “pending” and allows manual approval by an administrator.

Improved robustness of file change detection iteration code.

WordPress 3.7 compatibility

2.8.1

Improved the login captcha implementation

Changed the management permission to manage_options

2.8

Added a feature to insert a simple math captcha to the WordPress comment form (to reduce comment spam). Check the spam prevention menu for this new feature.

Fixed a minor bug with bulk unlock/delete in user login menu

Fixed a minor bug with math captcha logic.

2.7

Added a simple math captcha functionality for the WP login page. This is another easy yet effective way to combat Brute Force Login Attacks. You can enable this new feature from the user login security menu.

2.6

Added a new Login Whitelist feature. This feature enables you to specify one or more IP addresses in a special whitelist which will have access to your WP login page.
All other IP addresses trying to access your WP login page which are not in the whitelist will be automatically blocked.

The IP address will also be included in the email that gets sent to the admin for the IP address lockout notification.

Language file loading fix for Chinese language.

Tweaked the code which creates a .htaccess file in the backup directory to ensure it gets run even if the directory already existed.

2.0

Fixed multi-site DB backup – the plugin will now backup only the tables relevant for the sub-site in question.

Added blank index.html files in various folders inside the plugin.

Disabled the wp-config.php file backup feature until we find a more secure method of doing the backup.

1.9

Added new WordPress PingBack Vulnerability Protection feature. This allows the user to prohibit access to the xmlrpc.php file in order to protect against certain vulnerabilities in the pingback functionality.

Added a configuration item in the brute force login prevention feature to allow ajax functionality to work properly when this feature is enabled.

Added a POT file for language translations.

Made the DB Prefix feature more robust by adding a check to ensure that the plugin can write to the wp-config.php file. This will prevent users from losing access to their site in cases where the system changed the prefix but not the entry in the wp-config.php file.

Tightened the data validation for the cookie-based brute force login feature to ensure that the user must enter a secret word which consists of alphanumeric characters.

Added edit links to the user account list in the “User Accounts” menu.

1.8

Moved the front end site lockout feature to a new menu called “Maintenance”.

Added a feature in the front-end lockout feature to allow people to specify their own message which will be displayed on the front-end to visitors who try to access the site when it is in lock out state.

Fixed a bug in the front-end lockout feature by adding some checks which ensure that the admin will not get locked if the feature is still active and their login session expires or they log out.

Added a widget in the dashboard menu to show the status of the “maintenance mode” feature.

1.7

Added a new feature which is a password strength tool which calculates how easy it is for your chosen password to be cracked using a desktop PC and the appropriate SW. This tool should help you create strong passwords.

Added a front-end general visitor lockout feature. This feature allows you to temporarily lock down the front end of your site while you do security investigation, site upgrades, tweaks etc.

1.6

Added a new option in the cookie-based Brute Force Login Attack prevention feature to allow users to use this feature together with WordPress’s post/page password protection feature.

Fixed a bug in the 5G firewall rules so that the printed rules include the correct number of ‘\’ characters.

Fixed a minor bug in the “restore from backed up htaccess file” feature.

Enhanced the “Save current wp-config.php file” feature so it will continue to work with all of the firewall rules active on the site.

Added extra checks to account for some error scenarios caused on some servers when recursive file search is done.

1.5

Added new feature – Cookie-based Brute Force Login Attack Prevention. Check under the “Firewall” menu for this new feature.
This feature will stop hackers in their tracks when they try to access your wp-admin or login pages. This feature will secure your WordPress backend by enforcing the requirement that anybody trying to access these pages will require a special cookie.

1.4

Tweaked the “Deny Bad Query Strings” firewall rules so that plugin deletion and update operations from the WordPress plugins menu are not affected.

Fixed a minor bug related to scheduled database backups.

Added some extra default settings to be applied to the plugin’s configuration pages upon activation for the first time.

Plugin will now display a recommendation message if user sets scheduled backup frequency to less than 24 hours.

1.3

Added a new feature to remove the WordPress Generator Meta information from the HTML source of your site.

Tweaked the “Advanced Character String Filter” to fix issue which was affecting plugins such as “Admin Management Xtended” and also pages with keywords such as “password” in the URL.

Updated one rule in the “Advanced Character String Filter” feature to make it compatible with W3 Total Cache Plugin’s minify feature.

Added a “Delete All Failed Login Records” option in the “Failed Login Records” tab. This will delete all entries in the failed logins table and will make it less tedious for users who get a lot of brute force attacks on their site.

1.2

Moved the rules which disable index views from the “basic firewall” rules to the “additional rules” section. This will prevent any site breakage for those who want to enable the basic firewall but do not have “AllowOverride” option enabled in their httpd.conf.

1.1

Added the following new feature:

Prevent people from accessing the readme.html, license.txt and wp-config-sample.php files.